Address Compliance Issues

Why is this Important? You have to understand what privacy laws, compliance reporting, and regulatory agencies will apply to your software, if any, and how that will impact payment from payers, providers, and patients.

Key Actions Things to Consider Tool Kit
Find professional regulatory consultant Find a consultant with domain expertise (e.g. electronic medical records, HIPAA)
Identify any privacy laws or regulations that may apply to your product/service and outline an action plan What are the HIPAA requirements?

Any tool you use will not maintain compliance by itself.

If offering a treatment alternative, you may need to do clinical trials to prove efficacy or equivalence to the FDA

Look into applicable state privacy laws

FDA, FTC, & Office of Civil Rights (OCR) Guidelines

Regulatory Questions Worksheet

Identify how you will keep data and other user information secure What infrastructure are you using? Encryption?

Watch out for the security of the providers/systems you might interface with

Make it “secure by design”: Encrypt while generating, in transit, and in storage. Doing this from the start is easier and cheaper than retrofitting security later on.

Be especially diligent about Personally Identifiable Information (PII) and Protected Health Information (PHI)

Outline clinical trials required and timing This is critical if seeking to obtain reimbursement from private insurance and Medicare/Medicaid